### Create OIDC Directories Source: https://www.cilogon.org/oidc Command to create necessary directories for OIDC setup within the Apache DocumentRoot. ```bash mkdir -p /var/www/html/oidc/redirect ``` -------------------------------- ### Extract Access and Refresh Tokens Source: https://www.cilogon.org/oidc Parses the token response JSON to extract the access token and refresh token into environment variables. Requires `jq` to be installed. ```bash export CILOGON_ACCESS_TOKEN=$(jq -r .access_token < cilogon-token-response.json) export CILOGON_REFRESH_TOKEN=$(jq -r .refresh_token < cilogon-token-response.json) ``` -------------------------------- ### Example OIDC Claim Values Source: https://www.cilogon.org/auth0 Sample values for OIDC claims received after authentication. These demonstrate the type of information that can be extracted and used by the application. ```text OIDC_CLAIM_aud IKTrI3l4ms3nyUF6GObI1Wkt9yrmyEEM OIDC_CLAIM_email jsmith@illinois.edu OIDC_CLAIM_exp 1709286360 OIDC_CLAIM_family_name Smith ``` -------------------------------- ### Set CILogon Client Credentials Source: https://www.cilogon.org/oidc Set environment variables for your registered CILogon client ID, client secret, and redirect URI. Ensure you replace the example values with your actual client credentials. ```bash export CILOGON_CLIENT_ID=cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c export CILOGON_CLIENT_SECRET=euWajTysidMofassawoigDiweoj1olwa export CILOGON_REDIRECT_URI=https://localhost/callback ``` -------------------------------- ### CILogon Token Request (Success Response) Source: https://www.cilogon.org/device Example of a cURL command to request a token from the CILogon token endpoint, resulting in a successful response containing access, refresh, and ID tokens. This indicates the user has authorized the request. ```shell export CLIENT_ID="cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c" export CLIENT_SECRET="euWajTysidMofassawoigDiweoj1olwa" export \ DEVICE_CODE="NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTGNJYMIZWCYZSGA2WMMJTHEZGENTDG42DSZJSH52HS4DFHVQXK5DIPJDXEYLOOQTHI4Z5GE3DENZTGE2DCMRRHAYDAJTWMVZHG2LPNY6XMMROGATGY2LGMV2GS3LFHU4TAMBQGAYA" curl --data-urlencode "client_id=$CLIENT_ID" \ --data-urlencode "client_secret=$CLIENT_SECRET" \ --data-urlencode "device_code=$DEVICE_CODE" \ --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \ https://cilogon.org/oauth2/token { "access_token":"NB2HI4DTHIXS6ZDF...", "refresh_token":"NB2HI4DTHIXS6ZDF...", "id_token":"eyJ0eXAiOiJKV1Q...", "token_type":"Bearer", "expires_in":900 } ``` -------------------------------- ### CILogon Token Request (Error Response) Source: https://www.cilogon.org/device Example of a cURL command to request a token from the CILogon token endpoint, resulting in an 'authorization_pending' error. This indicates the device client should continue polling. ```shell export CLIENT_ID="cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c" export CLIENT_SECRET="euWajTysidMofassawoigDiweoj1olwa" export \ DEVICE_CODE="NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTGNJYMIZWCYZSGA2WMMJTHEZGENTDG42DSZJSH52HS4DFHVQXK5DIPJDXEYLOOQTHI4Z5GE3DENZTGE2DCMRRHAYDAJTWMVZHG2LPNY6XMMROGATGY2LGMV2GS3LFHU4TAMBQGAYA" curl --data-urlencode "client_id=$CLIENT_ID" \ --data-urlencode "client_secret=$CLIENT_SECRET" \ --data-urlencode "device_code=$DEVICE_CODE" \ --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \ https://cilogon.org/oauth2/token { "error":"authorization_pending", "error_description":"authorization pending" } ``` -------------------------------- ### Decode JWT ID Token using jq Source: https://www.cilogon.org/device Example of using the `jq` command-line tool to decode the base64-encoded payload of a JWT ID token. This is useful for inspecting user attributes within the token. ```shell echo "eyJ0eXAiOiJKV1Q..." | jq -R 'split(".") | .[1] | @base64d | fromjson' { "email": "johndoe@gmail.com", "given_name": "John", "family_name": "Doe", "name": "John Doe", "iss": "https://cilogon.org", "sub": "http://cilogon.org/serverA/users/12345", "aud": "cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c", "token_id": "https://cilogon.org/oauth2/idToken/4ebf936e829678468e/162731549", "auth_time": 1627315490, "exp": 1627316391, "iat": 1627315491 } ``` -------------------------------- ### mod_auth_openidc Location Block Source: https://www.cilogon.org/auth0 Define the access control for a specific URL path using mod_auth_openidc. This example requires valid user authentication for the /oidc/ location. ```apache AuthType openid-connect Require valid-user ``` -------------------------------- ### Auth0 Fetch User Profile Script Source: https://www.cilogon.org/auth0 This JavaScript function is used within Auth0 to fetch user profile information from CILogon after authentication. It makes a GET request to the CILogon userinfo endpoint and processes the response to create a user profile object for Auth0. ```javascript function fetchUserProfile(accessToken, context, callback) { request.get( { url: 'https://cilogon.org/oauth2/userinfo', headers: { 'Authorization': 'Bearer ' + accessToken, } }, (err, resp, body) => { if (err) { return callback(err); } if (resp.statusCode !== 200) { return callback(new Error(body)); } let bodyParsed; try { bodyParsed = JSON.parse(body); } catch (jsonError) { return callback(new Error(body)); } const profile = {}; profile.user_metadata = {}; profile.user_id = bodyParsed.sub; const optional = [ "email", "family_name", "given_name", "name" ]; optional.forEach((opt) => { if (bodyParsed[opt]) { profile[opt] = bodyParsed[opt]; } }); const attributes = [ "acr", "affiliation", "amr", "entitlement", "eppn", "eptid", "eduPersonAssurance", "eduPersonOrcid", "idp", "idp_name", "isMemberOf", "itrustuin", "member_of", "oidc", "ou", "pairwise_id", "preferred_username", "sub", "subject_id", "uid", "uidNumber", "voPersonExternalID" ]; attributes.forEach((attr) => { if (bodyParsed[attr]) { profile['user_metadata'][attr] = bodyParsed[attr]; } }); callback(null, profile); } ); } ``` -------------------------------- ### Set Optional CILogon Query Parameters Source: https://www.cilogon.org/oidc Demonstrates how to set optional query parameters like idphint and skin for CILogon authentication requests. ```apache OIDCAuthRequestParams skin=ncsa&idphint=http%3A%2F%2Fgoogle.com%2Faccounts%2Fo8%2Fid,http%3A%2F%2Fgithub.com%2Flogin%2Foauth%2Fauthorize,http%3A%2F%2Forcid.org%2Foauth%2Fauthorize,urn%3Amace%3Aincommon%3Auiuc.edu ``` -------------------------------- ### OA4MP CILogon Client Configuration Source: https://www.cilogon.org/oidc Sample configuration for an OA4MP OIDC client interacting with the main CILogon server. ```xml myproxy:oa4mp,2012:/client_id/7a76544eb234d6c5436fcb9f710480669 https://cilogon.org/oauth2 https://cilogon.org/authorize https://myclient.bigstate.edu/client2/ready qhkEE47e54sXMD1E6EpyDaauvMAu02uUoXeRlLX0o915i6Cb_GArkN dataOne ``` -------------------------------- ### Construct Authorization URL Source: https://www.cilogon.org/oidc Construct the authorization URL for CILogon, including response type, client ID, redirect URI, and requested scopes. The 'openid' scope is mandatory. ```bash https://cilogon.org/authorize?response_type=code&client_id=cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c&redirect_uri=https://localhost/callback&scope=openid+profile+email+org.cilogon.userinfo ``` -------------------------------- ### Retrieve User Information Source: https://www.cilogon.org/oidc Uses the obtained access token to fetch user profile information from the CILogon userinfo endpoint. The output is piped to `jq` for pretty-printing. ```bash curl -d access_token=$CILOGON_ACCESS_TOKEN \ https://cilogon.org/oauth2/userinfo \ | jq ``` -------------------------------- ### Configure mod_auth_openidc for Apache Source: https://www.cilogon.org/oidc Configure mod_auth_openidc in Apache to use CILogon for OpenID Connect authentication. Ensure your HTTPD server is configured for HTTPS. ```apache LoadModule auth_openidc_module /usr/lib64/httpd/modules/mod_auth_openidc.so OIDCProviderMetadataURL https://cilogon.org/.well-known/openid-configuration OIDCOAuthServerMetadataURL https://cilogon.org/.well-known/openid-configuration OIDCClientID "YOUR CLIENT IDENTIFIER" OIDCClientSecret "YOUR CLIENT SECRET" OIDCRedirectURI https://www.example.org/oidc/redirect OIDCScope "openid email profile org.cilogon.userinfo" OIDCCryptoPassphrase "A PASSPHRASE OF YOUR CHOOSING" ### OPTIONAL mod_auth_openidc CONFIGURATION PARAMETERS. FOR MORE INFO, SEE: ### https://raw.githubusercontent.com/zmartzone/mod_auth_openidc/master/auth_openidc.conf OIDCPassRefreshToken On # If your application works with refresh tokens OIDCSessionInactivityTimeout 3600 # If your application doesn't save user attributes OIDCSessionMaxDuration 86400 # If your application doesn't save user attributes ``` -------------------------------- ### Apache HTTPD OIDC Configuration Source: https://www.cilogon.org/oidc Basic Apache HTTPD configuration to enable OpenID Connect authentication for a specific location. ```apache AuthType openid-connect Require valid-user ``` -------------------------------- ### Exchange Authorization Code for Token Source: https://www.cilogon.org/oidc Use this command to exchange an authorization code for an access token and a refresh token. The response is saved to a JSON file for parsing. ```bash curl -d grant_type=authorization_code \ -d client_id=$CILOGON_CLIENT_ID \ -d client_secret=$CILOGON_CLIENT_SECRET \ -d code=$CILOGON_CODE \ -d redirect_uri=$CILOGON_REDIRECT_URI \ https://cilogon.org/oauth2/token \ > cilogon-token-response.json ``` -------------------------------- ### mod_auth_openidc Configuration for Auth0 Source: https://www.cilogon.org/auth0 Configure the Apache mod_auth_openidc module to use Auth0 as an OpenID Connect provider. This includes setting the provider metadata URL, issuer, client ID, client secret, redirect URI, and scopes. ```apache OIDCProviderMetadataURL https://dev-6y8b2h2hokjgf8yn.us.auth0.com/.well-known/openid-configuration OIDCProviderIssuer https://dev-6y8b2h2hokjgf8yn.us.auth0.com/ OIDCClientID "MY TEST APP CLIENT ID COPIED FROM AUTH0 SETTINGS PAGE" OIDCClientSecret "MY TEST APP CLIENT SECRET COPIED FROM AUTH0 SETTINGS PAGE" OIDCCryptoPassphrase ThisIsARandomPassphraseCHANGEIT OIDCRedirectURI https://example.org/oidc/redirect OIDCScope "openid profile email" ``` -------------------------------- ### Handle Redirect with Authorization Code Source: https://www.cilogon.org/oidc After successful authentication, CILogon redirects to your specified redirect URI with an authorization code. Extract this code from the URL. ```bash https://localhost/callback?code=NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTMYZTMU4TQMLDGVRGMY3EGA4TSNLDGFQTSNRXGVSTSMBZGIZDKNJ7OR4XAZJ5MF2XI2D2I5ZGC3TUEZ2HGPJRGYZTOMZVGM3TANRVHE3SM5TFOJZWS33OHV3DELRQEZWGSZTFORUW2ZJ5HEYDAMBQGA ``` -------------------------------- ### OpenID Connect Discovery Source: https://www.cilogon.org/oidc The OpenID Connect discovery endpoint provides metadata about the OIDC provider, allowing clients to dynamically discover configuration details. ```APIDOC ## GET /.well-known/openid-configuration ### Description Retrieves the OIDC provider's configuration metadata. ### Endpoint https://cilogon.org/.well-known/openid-configuration ``` -------------------------------- ### Device Authorization Request Source: https://www.cilogon.org/device Initiates the device authorization flow by sending client credentials and requested scopes to the device authorization server. The server responds with codes and URIs necessary for user authentication and token retrieval. ```APIDOC ## POST /oauth2/device_authorization ### Description Requests device authorization from the server. The client sends its identifier, optionally a secret, and the desired scopes. The server returns codes and URIs for the user to complete the authorization process. ### Method POST ### Endpoint https://cilogon.org/oauth2/device_authorization ### Parameters #### Request Body - **client_id** (string) - Required - The CILogon OAuth2/OIDC client identifier. - **client_secret** (string) - Optional - For Confidential Clients, the secret associated with the client_id. Omitted for Public Clients. - **scope** (string) - Optional - A space-separated list of scopes to request. Public Clients can only request "openid". If omitted, registered scopes are assumed. ### Response #### Success Response (200) - **device_code** (string) - A code to be used when contacting the token endpoint. - **user_code** (string) - A code to be entered by the user in a web browser. - **expires_in** (integer) - Time in seconds until the user code expires. - **verification_uri** (string) - The URL where the user can enter the user code. - **verification_uri_complete** (string) - A URL that includes the user code for automatic entry. - **interval** (integer) - The minimum time in seconds the device client must wait between token endpoint queries. ### Request Example ```bash export CLIENT_ID="cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c" export CLIENT_SECRET="euWajTysidMofassawoigDiweoj1olwa" curl --data-urlencode "client_id=$CLIENT_ID" \ --data-urlencode "client_secret=$CLIENT_SECRET" \ --data-urlencode "scope=openid email profile" \ https://cilogon.org/oauth2/device_authorization ``` ### Response Example ```json { "device_code": "NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTGNJYMIZWCYZSGA2WMMJTHEZGENTDG42DSZJSH52HS4DFHVQXK5DIPJDXEYLOOQTHI4Z5GE3DENZTGE2DCMRRHAYDAJTWMVZHG2LPNY6XMMROGATGY2LGMV2GS3LFHU4TAMBQGAYA", "user_code": "PLK-NGF-V77", "expires_in": 900, "interval": 5, "verification_uri": "https://cilogon.org/device/", "verification_uri_complete": "https://cilogon.org/device/?user_code=PLK-NGF-V77" } ``` ``` -------------------------------- ### Refresh Access Token using Refresh Token Source: https://www.cilogon.org/oidc Use a refresh token to obtain a new access token when refresh tokens are enabled for your client. The output contains new tokens, including a refresh token for future use. ```bash curl -d grant_type=refresh_token \ -d client_id=$CILOGON_CLIENT_ID \ -d client_secret=$CILOGON_CLIENT_SECRET \ -d refresh_token=$CILOGON_REFRESH_TOKEN \ -d scope=scope=openid+profile+email+org.cilogon.userinfo \ https://cilogon.org/oauth2/token \ > cilogon-token-response.json ``` ```bash export CILOGON_ACCESS_TOKEN=$(jq -r .access_token < cilogon-token-response.json) ``` ```bash export CILOGON_REFRESH_TOKEN=$(jq -r .refresh_token < cilogon-token-response.json) ``` -------------------------------- ### Device Authorization Request - cURL Source: https://www.cilogon.org/device Initiates the device flow by sending a POST request to the device authorization endpoint. Include client_id and optionally client_secret and scope. The response contains codes and URIs for user authentication. ```shell export CLIENT_ID="cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c" export CLIENT_SECRET="euWajTysidMofassawoigDiweoj1olwa" curl --data-urlencode "client_id=$CLIENT_ID" \ --data-urlencode "client_secret=$CLIENT_SECRET" \ --data-urlencode "scope=openid email profile" \ https://cilogon.org/oauth2/device_authorization ``` -------------------------------- ### OAuth 2.0 Registration Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 registration endpoint is used for registering new OIDC clients with CILogon. ```APIDOC ## POST /oauth2/register ### Description Registers a new OAuth 2.0 client. ### Endpoint https://cilogon.org/oauth2/register ``` -------------------------------- ### JSON Web Key Sets (JWKS) Source: https://www.cilogon.org/oidc The JWKS endpoint provides the public keys used to verify the signature of tokens issued by CILogon. ```APIDOC ## GET /oauth2/certs ### Description Retrieves the JSON Web Key Set (JWKS) for token verification. ### Endpoint https://cilogon.org/oauth2/certs ``` -------------------------------- ### PHP Script to Display OIDC Variables Source: https://www.cilogon.org/oidc A PHP script to display HTTP header variables set by mod_auth_openidc, useful for testing and debugging. ```php echo 'OIDC Variables $value) { if ((preg_match("^OIDC",$key)) || (preg_match("^REMOTE_USER",$key))) { echo "\n"; } } ?>
$key$value
' > /var/www/html/oidc/index.php ``` -------------------------------- ### Store Authorization Code Source: https://www.cilogon.org/oidc Save the extracted authorization code into an environment variable for subsequent use in exchanging it for tokens. ```bash export CILOGON_CODE= NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTMYZTMU4TQMLDGVRGMY3EGA4TSNLDGFQTSNRXGVSTSMBZGIZDKNJ7OR4XAZJ5MF2XI2D2I5ZGC3TUEZ2HGPJRGYZTOMZVGM3TANRVHE3SM5TFOJZWS33OHV3DELRQEZWGSZTFORUW2ZJ5HEYDAMBQGA ``` -------------------------------- ### Auth0 Universal Login Branding Configuration Source: https://www.cilogon.org/auth0 Customize the Auth0 Universal Login page by adding CILogon authentication button details. This includes specifying the display name, primary color, foreground color, and icon. ```javascript authButtons: { "CILogon": { displayName: "CILogon", primaryColor: "#4b794b", foregroundColor: "#fff", icon: "https://cilogon.org/images/cilogon-logo-40x40-b.png" } }, ``` -------------------------------- ### Custom OIDC Error Template Source: https://www.cilogon.org/oidc HTML file to handle OIDC errors by submitting error details to a specified URL. ```html
``` -------------------------------- ### Auth0 Custom Action for CILogon Claims Source: https://www.cilogon.org/auth0 Use this Node.js Action to assert CILogon attributes in Auth0 ID tokens. It iterates through a predefined list of attributes and sets them as custom claims if they exist in user metadata. ```javascript exports.onExecutePostLogin = async (event, api) => { const namespace = "https://cilogon.org/"; const attributes = [ "acr", "affiliation", "amr", "entitlement", "eppn", "eptid", "eduPersonAssurance", "eduPersonOrcid", "idp", "idp_name", "isMemberOf", "itrustuin", "member_of", "oidc", "ou", "pairwise_id", "preferred_username", "sub", "subject_id", "uid", "uidNumber", "voPersonExternalID" ]; attributes.forEach((attr) => { if (event['user']['user_metadata'][attr]) { api.idToken.setCustomClaim(namespace + attr, event['user']['user_metadata'][attr]); } }); }; ``` -------------------------------- ### OAuth 2.0 User Info Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 user info endpoint returns claims about the authenticated end-user. ```APIDOC ## GET /userinfo ### Description Retrieves claims about the authenticated end-user. ### Endpoint https://cilogon.org/userinfo ``` -------------------------------- ### Token Request Source: https://www.cilogon.org/device Polls the token endpoint to obtain tokens after user authorization. Handles both success and error responses. ```APIDOC ## POST https://cilogon.org/oauth2/token ### Description Requests an access token, ID token, and refresh token using a device code obtained from the device authorization endpoint. This endpoint is polled by the device client until the user completes the authorization flow or the code expires. ### Method POST ### Endpoint https://cilogon.org/oauth2/token ### Parameters #### Request Body - **client_id** (string) - Required - The CILogon OAuth2/OIDC client identifier. - **client_secret** (string) - Optional - For Confidential Clients, the secret associated with the client_id. Omitted for Public Clients. - **device_code** (string) - Required - The device_code returned by the device_authorization endpoint. - **grant_type** (string) - Required - This value must be "urn:ietf:params:oauth:grant-type:device_code". ### Request Example ```bash export CLIENT_ID="cilogon:/client_id/6e8fdae3459dac6c685c6b6de37c188c" export CLIENT_SECRET="euWajTysidMofassawoigDiweoj1olwa" export \ DEVICE_CODE="NB2HI4DTHIXS6Y3JNRXWO33OFZXXEZZPN5QXK5DIGIXTGNJYMIZWCYZSGA2WMMJTHEZGENTDG42DSZJSH52HS4DFHVQXK5DIPJDXEYLOOQTHI4Z5GE3DENZTGE2DCMRRHAYDAJTWMVZHG2LPNY6XMMROGATGY2LGMV2GS3LFHU4TAMBQGAYA" curl --data-urlencode "client_id=$CLIENT_ID" \ --data-urlencode "client_secret=$CLIENT_SECRET" \ --data-urlencode "device_code=$DEVICE_CODE" \ --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:device_code" \ https://cilogon.org/oauth2/token ``` ### Response #### Success Response (200) - **access_token** (string) - An access token for the userinfo endpoint. - **id_token** (string) - A JWT containing user attributes. - **refresh_token** (string) - A refresh token to obtain new access tokens (if enabled). - **token_type** (string) - The type of token, typically "Bearer". - **expires_in** (integer) - The time in seconds the token is valid. #### Response Example (Success) ```json { "access_token": "NB2HI4DTHIXS6ZDF...", "refresh_token": "NB2HI4DTHIXS6ZDF...", "id_token": "eyJ0eXAiOiJKV1Q...", "token_type": "Bearer", "expires_in": 900 } ``` #### Error Response - **error** (string) - Indicates the status, e.g., "authorization_pending", "slow_down". - **error_description** (string) - A human-readable explanation of the error. #### Response Example (Error) ```json { "error": "authorization_pending", "error_description": "authorization pending" } ``` ``` -------------------------------- ### OAuth 2.0 Device Authorization Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 device authorization endpoint is used for device authorization flows. ```APIDOC ## POST /oauth2/device_authorization ### Description Initiates the OAuth 2.0 device authorization grant flow. ### Endpoint https://cilogon.org/oauth2/device_authorization ``` -------------------------------- ### OAuth 2.0 Authorization Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 authorization endpoint is used to obtain authorization from the resource owner and issue access tokens. ```APIDOC ## GET /authorize ### Description Initiates the OAuth 2.0 authorization code grant flow. ### Endpoint https://cilogon.org/authorize ``` -------------------------------- ### OAuth 2.0 Token Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 token endpoint is used to obtain access tokens by exchanging authorization grants. ```APIDOC ## POST /oauth2/token ### Description Exchanges an authorization grant for an access token. ### Endpoint https://cilogon.org/oauth2/token ``` -------------------------------- ### OAuth 2.0 Introspection Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 introspection endpoint is used to validate tokens. ```APIDOC ## POST /oauth2/introspect ### Description Validates an access token. ### Endpoint https://cilogon.org/oauth2/introspect ``` -------------------------------- ### OAuth 2.0 Revocation Endpoint Source: https://www.cilogon.org/oidc The OAuth 2.0 revocation endpoint is used to revoke access or refresh tokens. ```APIDOC ## POST /oauth2/revoke ### Description Revokes an access or refresh token. ### Endpoint https://cilogon.org/oauth2/revoke ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.